Week 12: Web Services

https://www.army.mil/article/197597/citizen_warrior_of_month_vermont_cyber_security_expert

Air Force Major Jack Skoda, a cyber defense instructor in Vermont Air National Guard’s Information Operations Squadron, believes that cyberspace is “all around us, all the time.” I found it interesting how he likens cyber defense specialists as having the same attributes as military minds. His thoughts are that “they understood their domain, and they used that understanding to bring the effect they needed at the time of their choosing to win decisively,” said Skoda. “And that doesn’t change in cyber.” Major Skoda teaches Cyber Security in the military and a local community college and switched his mentality accordingly. Military personnel are problem solving, they are already thinking about budget, number of people to get a job done and how long a specific task may or may not take whereas a traditional college student doesn’t have that experience. He uses his military experience to emphasize why security protocols are important. underlying message to all his students remains consistent: know your trade, frontwards and backwards. That is why there is a shortage of warriors like him in cyber-security – the ones who have mastered this trade.

Cybersecuirty is an ever changing and because of that and how new it is there is a shortage of skills in this new field. For us who are just starting in this field this is not a bad thin cause this will mean that there are jobs out there however, a lot of the companies that are out there are slowly trying to get up to speed with secuirty. The black hat hackers however are much farther ahead of them. Since this is the case a lot of the people dont realize how susceptible they are at first until the technology and the skill set of the current employees filter though.

 

http://www.hreonline.com/HRE/view/story.jhtml?id=534363394

NSA “Red Disk” Data Leak

Another NSA tool leaked. Although this one never made it to implementation and it was never fully deployed in the field. It was designed to be a intelligence sharing application.

According to this article, it describes that a former National Security Agency employee named Nghia Hoang Pho pleaded guilty on Friday to Illegally talking classified documents home which were later stolen by Russian hackers. The article also mentions that according to authorities, the Kaspersky Labs’ antivirus software was allegedly used which is another way for Russian hackers to steal top secret NSA document and hacking exploits from Pho’s PC in 2015.

 

https://thehackernews.com/2017/12/nghia-hoang-pho-nsa.html

https://www.darkreading.com/attacks-breaches/first-us-federal-ciso-shares-security-lessons-learned

As the first CISO of the US federal government, and with an extensive background in government cybersecurity and the military, Touhill has several stories of his own. Drawing from years of experience, the Cyxtera president shared his own lessons learned to kick off an event created to bring cyber defenders together so they can discuss problems and challenges.

Recently discovered by Google Play Protect, a machine learning and app usage analysis, helped researchers at Google identify an Android spyware that was stealing information on users. The targeted devices were mostly in African countries. Infected apps with Tizi, an Android backdoor with rooting capabilities, were being advertised on social media and 3rd party app stores.

 

https://thehackernews.com/2017/11/android-spying-app.html

Research from the European Banking Authority (EBA) says that the majority of EU banks believe their operational risks will increase. Many of them are pointing to to cyber risks and data security to explain why they believe this. Another large contributor they point to is outsourcing, but I wonder if these are really the same reason. Many large breaches have come from someone getting into a vendor and then making their way into the company’s systems.

https://www.finextra.com/newsarticle/31379/banks-cite-cyber-security-and-outsourcing-as-operational-risk-concerns-grow

This is a short article, but I decided to post this one because this was a past thought I had as the US was approaching Thanksgiving, Black Friday and Cyber week/ Cyber Monday. It may still be a too early for there to be stories on hacking for this time period since today is Cyber Monday, but I will be waiting for the stories to come out in a couple weeks or so. Consumers continue to not be able to identify the safety of online shopping websites which continues to put them at risk for holiday hacking. Only 50% of the American population claims they can determine the legitimacy of online shopping websites. This was discovered by a survey conducted by the Global Cyber Alliance (GCA). Over one-third of the survey respondents stated they have stopped online purchasing due to security concerns. 27% of them overly worry due to the fear of being scammed and 12% lose sleep over it. 60% have had their machine infected with malware. This is the time of the year for cybercriminals to scam. They launch more fake websites during holiday shopping than any other time of the year. In November 2016, over 100,000 fake websites were launched that targeted over 300 brands. The most “spoof-able” sites were Amazon, Walmart and Target. Typically, scammers trick their victims by creating websites that look like the actual brand websites. A major difference is the fake site has a different IP address. The GCA discovered that nearly 77% of users have mistyped the website into their browser, clicked on a suspicious link or both.

 

https://www.darkreading.com/endpoint/half-of-americans-unsure-of-online-shopping-safety/d/d-id/1330471?

 

If you’re not aware of Shodan, it is a search engine for IoT devices. It allows you to search across publicly accessible devices worldwide. You can use this to search your own network for exposed devices, or just dig around the internet looking for things. It’s a pretty interesting tool. It also includes and API for integration with nmap/metasploit/web browsers.

A standard membership is 49$ lifetime but this coming weekend will be down to 5$ (I also think you can get a free upgrade using an .edu account, don’t quote me on that).

Yes, we're having a black friday sale 🙂 $5 Shodan Membership instead of $49 and it will run from Friday through Monday

— Shodan (@shodanhq) November 21, 2017

Intro-to-Ethical-Hacking-Week-12